Compute Engine IAM permissions

Google Identity Access and Management (IAM) offers the ability to create
customized IAM roles. You can create custom IAM roles and
assign the role one or more permissions. Then, you can grant the newly-created
role to your collaborators. Use custom roles to create an access
control model that maps directly to your needs, alongside the available
predefined roles offered by
Google.

You can find out which permissions are required for each method in the
Compute Engine API reference documentation:

This document does not describe how to create a custom role. You can find
in-depth information about custom roles and step-by-step instructions to create
custom a role, in
Creating and Managing Custom Roles.